From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: 2.6.25-rc8 regression with openswan Date: Thu, 03 Apr 2008 16:36:35 +0200 Message-ID: <47F4EB73.1040705@trash.net> References: <47F4BD3F.30703@trash.net> <47F4C833.1020607@trash.net> <47F4CF29.2000104@trash.net> <47F4E12B.3040508@trash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, Kazunori MIYAZAWA To: Marco Berizzi Return-path: Received: from stinky.trash.net ([213.144.137.162]:36582 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757537AbYDCOgl (ORCPT ); Thu, 3 Apr 2008 10:36:41 -0400 In-Reply-To: Sender: netdev-owner@vger.kernel.org List-ID: Marco Berizzi wrote: > Patrick McHardy wrote: > >> Manually adding SAs works fine for me, can you figure out what >> kind of SA openswan was trying to add? > > I have sent you the output of ip -s x s > and ip -s x p when openswan is working with > 2.6.25-rc8 with the commit df9dcb458 reverted. > Let me know you need ssh access to my 2.6.25 > box. The problem appears to be that openswan doesn't initialize the selectors family when adding new SAs. xfrm_init_state() uses the family to decide whether to set up inter family SAs or regular SAs. We used to fix up the family in xfrm_user, but this is now only done for transport mode SAs. - /* - * Set inner address family if the KM left it as zero. - * See comment in validate_tmpl. - */ - if (!x->sel.family) + if (x->props.mode == XFRM_MODE_TRANSPORT) x->sel.family = p->family; + Reverting this part should fix it, but would break inter family tunnels again. It seems we need a different indication for xfrm_init_state() for inter family SAs. Kazunori, any ideas?